[openstack-dev] [tripleo] [tripleo-quickstart] Tripleo-Quickstart root privileges

Yolanda Robla Mota yroblamo at redhat.com
Tue Nov 22 12:20:30 UTC 2016


Hi all
I wanted to start a thread about the current privileges model for TripleO quickstart.
Currently there is the assumption that quickstart does not need root privileges after the environment and provision roles. However, this assumption cannot be valid for several use cases.
In particular, I have the need of creating working directories outside the home directory of the user running quickstart. This can be useful on environments where /home partition is small and cannot be modified (so there is not enough disk space to host TripleO quickstart artifacts there).
This is the change i'm working on for that use case: https://review.openstack.org/#/c/384892

As you can see, to be able to create working directories outside home directories, it will need root privileges to properly create the initial working dir and give proper permissions. This break current model but I think it could provide advantages and flexibility to the deployment. So what are your thoughts about it, shall we continue with that and change privileges model? The alternative I can see is to just limit the working directory to home directory, but then do not offer the ability to customize it, and document that restriction on TripleO quickstart properly.

Best

Yolanda Robla
yroblamo at redhat.com
Principal Software Engineer - NFV Partner Engineer




More information about the OpenStack-dev mailing list